Lukas Reschke
d4f97affc1
Add database ratelimiting backend
In case no distributed memory cache is specified this adds
a database backend for ratelimit purposes.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2 years ago
Daniel Kesselberg
0a15043f69
Throw exception if encrypting the data failed.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2 years ago
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
3 years ago
J0WI
ca7b37ce5a
Make Security module strict
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
3 years ago
Lukas Reschke
e5a4236e68
Increase subnet matcher
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
3 years ago
Roeland Jago Douma
16652ac6c6
Explicitly check hex2bin input
For #23197
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
3 years ago
dependabot-preview[bot]
eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard ) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases )
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
3 years ago
Morris Jobke
24d436cb60
Remove unneeded casts that were found by Psalm
In preparation of the update of Psalm from 4.2.1 to 4.3.1+ (see https://github.com/nextcloud/server/pull/24521 )
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
Christoph Wurst
d89a75be0b
Update all license headers for Nextcloud 21
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
3 years ago
Julius Härtl
f5501ca276
Avoid checking for brute force protection capabilities when upgrading
This might happen a releases that doesn't have this table yet
Signed-off-by: Julius Härtl <jus@bitgrid.net>
3 years ago
Joas Schilling
5b5aebbf66
Replace the credentials table with one that can have empty user
Primary key columns on Oracle can not have empty strings
Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Joas Schilling
1aa9c9164d
Fix comparing the empty string for global credentials
Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Joas Schilling
8027dcbc6f
Don't leave cursors open when tests fail
Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Roeland Jago Douma
54b9f639a6
Always return the default path if we can
Just check in the certifcate manager. So every part of the system that
request the certificatebundle gets the defaullt one (the 99% case) if we
can.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
3 years ago
Morris Jobke
dc479aae2d
Improve CertificateManager to not be user context dependent
* removes the ability for users to import their own certificates (for external storage)
* reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions)
The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
lynn-stephenson
648b60fa0e
Derive encryption key & MAC key from a single key.
Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com>
3 years ago
Roeland Jago Douma
8fae2beece
Limit throttler to 48 hours
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
3 years ago
Roeland Jago Douma
6c1b542def
Add cleanup job for old brutefoce attempts
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
3 years ago
Christoph Wurst
d9015a8c94
Format code to a single space around binary operators
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
3 years ago
Morris Jobke
99c9423766
Remove @suppress SqlInjectionChecker
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
Joas Schilling
c25063dc07
Don't break when the IP is empty
Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Christoph Wurst
2a054e6c04
Update the license headers for Nextcloud 20
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
3 years ago
Joas Schilling
35a8519591
Fix CS
Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Joas Schilling
770381c0c6
Correctly return ms delay when at max
Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Joas Schilling
931aca2fee
Add missing default
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Joas Schilling
d9c4c9eb99
Simplify array filter
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Joas Schilling
dfeee3b850
Fix wrong doc + type hint
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Joas Schilling
8376c4891f
Only throw when also the last 30 mins were attacking
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Joas Schilling
6f751d01db
Make the throttling O(2^n) instead of O(n^n)
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Joas Schilling
64539a6ee1
Make Throttler strict
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Joas Schilling
c8fea66d65
Split delay calculation from getting the attempts
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Joas Schilling
cdb36c8ead
Let the database count the entries
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Joas Schilling
e66bc4a8a7
Send "429 Too Many Requests" in case of brute force protection
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Morris Jobke
c0be7e329f
Prefer typed event over string based ones
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
Morris Jobke
bd997a105c
Fix code style
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
4 years ago
Roeland Jago Douma
35ff4aa1c6
Use random_bytes
Since we don't care if it is human readbale.
The code is backwards compatible with the old format.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
4 years ago
MichaIng
229570badf
Apply Argon2 options for Argon2id hashing as well
Signed-off-by: MichaIng <micha@dietpi.com>
4 years ago
MichaIng
ad60619655
Fix Argon2 options checks
The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum.
Options are now applied the following way:
- If config.php contains the setting with an integer higher or equal to the minimum, it is applied.
- If config.php contains the setting with an integer lower than the minimum, the minimum is applied.
- If config.php does not contain the setting or with no integer value, the PHP default is applied.
Signed-off-by: MichaIng <micha@dietpi.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
4 years ago
Christoph Wurst
cb057829f7
Update license headers for 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Arthur Schiwon
5437844b7e
fix credentialsManager documentation and ensure userId to be used as string
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
4 years ago
Christoph Wurst
28f8eb5dba
Add visibility to all constants
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Christoph Wurst
caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Christoph Wurst
14c996d982
Use elseif instead of else if
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Christoph Wurst
afbd9c4e6e
Unify function spacing to PSR2 recommendation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Christoph Wurst
41b5e5923a
Use exactly one empty line after the namespace declaration
For PSR2
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Christoph Wurst
2fbad1ed72
Fix (array) indent style to always use one tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Christoph Wurst
1a9330cd69
Update the license headers for Nextcloud 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Christoph Wurst
b80ebc9674
Use the short array syntax, everywhere
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Johannes Riedel
0c38569c83
Implement occ command security:bruteforceattemps:reset-for-ip
Signed-off-by: Johannes Riedel <joeried@users.noreply.github.com>
4 years ago
Pavel Krasikov
f11dee9bc4
fix safari useragent for versions with 3 digits
Signed-off-by: Pavel Krasikov <klonishe@gmail.com>
4 years ago